intent-recognition

Installation
SKILL.md

Intent Recognition

Concept of the skill

Classifying the intent of an operation BEFORE any tool call that could modify state, touch sensitive targets, rewrite history, install dependencies, publish packages, or expose credentials — sorting into Passive/Read, Reconnaissance, Modification, or Destructive/Irreversible by operation type plus target sensitivity, then running Identify / Confirm / Verify before action.

Coverage

Pre-execution action classification for any agent that can call tools with side effects. Defines four tiers — Passive/Read, Reconnaissance, Modification, Destructive/Irreversible — with the operation-and-target rule that determines tier (the target's sensitivity can elevate the tier above what the operation alone implies; reading a .env file is Reconnaissance even though no state changes). Specifies the three-step verification sequence (Identify the action and its tier, Confirm the rationale against the active plan, Verify whether a non-destructive alternative exists) that runs before any tier-3 or tier-4 action fires. Names the trigger phrases that should activate the skill. Catalogs the anti-patterns: classifying credential reads as Passive, treating package installs as Passive, skipping classification for familiar commands, classifying force-push as Modification, proceeding with Destructive actions without checking alternatives.

Philosophy of the skill

Agents execute tool calls at machine speed with no undo. Without an explicit pre-execution classification step, git reset --hard runs with the same ease as cat README.md. The cost of a single misclassified destructive action — wiped uncommitted work, dropped database, force-pushed branch — exceeds the cost of every classification step the agent will ever run. The math is simple: classification is cheap, regret is expensive.

The most subtle failure mode is target-content elevation. Reading a file is a Passive operation in the abstract. Reading a .env file is Reconnaissance because the target is sensitive — credentials, connection strings, API keys. The tier comes from the combination of operation and target, not the operation alone. A classifier that looks only at the verb misses half the risk surface.

The Identify / Confirm / Verify sequence is the second non-negotiable. Identify surfaces the agent's own reasoning about the action; if the agent can't state the tier and the rationale, it shouldn't fire the tool. Confirm tests the action against the agreed plan — drift between "what we agreed to do" and "what the next tool call will do" is itself a signal. Verify asks whether a safer alternative exists and is the step where most preventable destructive actions get caught.

1. The Four-Tier Taxonomy

Installs
8
First Seen
May 14, 2026
intent-recognition — jacob-balslev/skills